package com.rayc.springsecurity.config;

import com.rayc.springsecurity.service.UserServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

import javax.sql.DataSource;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter{

    @Autowired
    private DataSource dataSource;
    @Autowired
    private PersistentTokenRepository persistentTokenRepository;
    @Autowired
    private UserServiceImpl userService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // TODO Auto-generated method stub
        //表单提交
        http.formLogin()
                //自定义参数
//                .usernameParameter("username123")
//                .passwordParameter("password123")
                //自定义登录页面
                .loginPage("/login.html")
                //必须和表单提交接口一样
                .loginProcessingUrl("/login")
                //登录成功后跳转的路径,只接受POST请求
                .successForwardUrl("/toMain")
                //登录失败后跳转的路径,只接受POST请求
                .failureForwardUrl("/toError");

        //授权
        http.authorizeRequests()
                //放行,不需要认证
                .antMatchers("/login.html").permitAll()
                .antMatchers("/error.html").permitAll()
                //放行静态资源
                .antMatchers("/css/**","/js/**","/images/**").permitAll()
                .antMatchers("/**/*.png").permitAll()
                //mvc匹配
//                .mvcMatchers("/demo").servletPath("/xxx").permitAll()
//                .antMatchers("/xxx/demo").permitAll()
                //权限控制。区分大小写
//                .antMatchers("/main1.html").hasAnyAuthority("admin","admiN")
                //角色控制
//                .antMatchers("/main1.html").hasRole("abc")
                //需要认证
                .anyRequest().authenticated();

        //rememberme
        http.rememberMe()
                .tokenRepository(persistentTokenRepository)
                //过期时间，默认两周
                .tokenValiditySeconds(60)
                //自定义登录
                .userDetailsService(userService);
        //跨站请求伪造，类似防火墙
        http .csrf().disable();
    }

    @Bean
    public PasswordEncoder getPw(){
        return new BCryptPasswordEncoder();
    }

    @Bean
    public PersistentTokenRepository persistentTokenRepository(){
        JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl();
        //设置数据源
        jdbcTokenRepository.setDataSource(dataSource);
        //自动建表，第一次开启自动建表，之后关闭
//        jdbcTokenRepository.setCreateTableOnStartup(true);
        return jdbcTokenRepository;
    }
}
